I figured out where the (lame) bug really was. The password GUI had a non null-terminated string issue with the password, which worked in some cases and not with this one... I should slap myself each time I don't check the simple things first, sorry for the inconvenience guys.

btw I use openssl-0.9.8.k, on Windows XP & Windows Mobile 6.x

For keyfirst.pem generation, I appended the cert PEM part to the private key PEM part (in the same way they do it in O'Reilly's "Network Security with OpenSSL" book)

*********keyfirst.pem********************
-----BEGIN RSA PRIVATE KEY-----
MIIEp[...]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIEG[...]
-----END CERTIFICATE-----
************eof****************************

and

*********certfirst.pem********************
-----BEGIN CERTIFICATE-----
MIIEG[...]
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEp[...]
-----END RSA PRIVATE KEY-----
************eof****************************

It's unrelated to my original problem, but I'd be glad to understand the asn1parse tool better :)

Nicolas Pelloux-Prayer

2010/2/18 Dr. Stephen Henson <st...@openssl.org>

> On Wed, Feb 17, 2010, Nicolas Pelloux-Prayer wrote:
>
> > I'm trying to extract the cert/private key pair from a pkcs#12 file using
> > the PKCS12_parse method. It works fine for most p12 I used before, then I
> > ran into a strange p12 which doesn't work (returned cert & pkey are both
> > NULL).
> >
> > [snip]
> >
> > It seems to me that this p12 file could be broken, as I usually use p12 file
> > containing first a cert bag then a shrouded bag. This LocalKeyID seems
> > strange too, maybe it's the source of the problem ?
>
> The order shouldn't matter. The PKCS12_parse() function looks through the
> whole structure attempting to find a private key and matching certificate.
>
> The LocalKeyID is fine.
>
> > *********************************************************************************************************************
> > >openssl asn1parse -in keyfirst.pem -i -dump
> >
> > 0:d=0 hl=4 l=1189 cons: SEQUENCE
> > 4:d=1 hl=2 l= 1 prim: INTEGER :00
> > 7:d=1 hl=4 l= 257 prim: INTEGER
> > :A3A4D74BE2BE77C4775260C1DEAFA4154067B61631A5F401A579FE338E83D487823
> > BD19452C5D7DC68C4440F484798411DE81C4D6639855A54B3DCF0A9565C5454C4829D7AF95A1AEABF96E449D8A707447B0DCA5074FB467A3E272
> > C51EBCA0DEB09529E6E99CF0BE9EC2553F0B076E7183E84F3609588CF2D0D15DA8B2DC67A652B8AC7A565ABFDFCDA0181264FBB59FBFCF15ED82
> > 1ABB81785DBC08E5D00021AC50FE9FAE7FD3B475E729E18C4222EA2EDB9F
> > 268:d=1 hl=2 l= 3 prim: INTEGER :010001
> > 273:d=1 hl=4 l= 256 prim: INTEGER
> > :3D6D8E67ED08A47ABA73D0E05590471EB71B774DA37B713A00FCE740413A195878B
> > 4F2EA239C22A899273B89250FC306868C6FBB5A293376B21F064BCCB51F5984AC737F5BFF2824BC8408C74F352595E3CDF162458B741B839DBB2
> > AD20021607B0608E56091D26B95B8C62658757F9D57113D186AC72CC6422EDA3A5872B47E0F3B219900F37E8706908014F8CB2DFC6F24BE932BA
> > FD04218FB5BD6A0B6693925B25D0B165BA493E5913D53092645578892429
> > 533:d=1 hl=3 l= 129 prim: INTEGER
> > :E773A7413DEE5B82C3E4468A13D2C30D8303091CA73F2DF455DE3420C57E58A809F
> > C9192DDD46333A1D3614CEDAF29326EF1CF062F4377E89278A8F3E984A9B323E56D8AE2D87EA76D698D04B9B2E78DE51208A6B44EB4FB9029C99
> > 665:d=1 hl=3 l= 129 prim: INTEGER
> > :B50013F4A1D44EE350073A32BB7E616981EA22085EEF237FBCA6C4A86B8D61A1B50
> > FBD0A875DC6D0F836B29F4CAB2710FD472ACAB3788DB61D7B7B45B8E19E9928F488FC963E4285339A7C4FAB17459D61A14944D3B1CD23FC561B8
> > 797:d=1 hl=3 l= 129 prim: INTEGER
> > :BAABBB94D2174135393B0E6D64C992C97E05DFBE7D616675EF1F74D98D8F767FA8F
> > 6227EDA6CE6C988D60C5ED84072B09B6C69756A7F36E19BE8B7136A1EB623A66AEF2B9A03D43AC2F2E36A913F2AA475C152BAE927A5AE533A70C
> > 929:d=1 hl=3 l= 129 prim: INTEGER
> > :AC8A787B7951342A88FD7AC325ECA1DBBC167F7ECF50D3DC4EF003043212C2812E5
> > AFE406D2E3DFAB2C3219FADAC723F45D273BE6B3B7E8B9EAB39A60B4A38AFF454B7C96147D48DB9D588AF417F9BC31D706CB209C3B2B49D35506
> > 1061:d=1 hl=3 l= 129 prim: INTEGER
> > :BBD3149E16F8417CD2C183BA7D1B81FACE36A080509C9785455AAC5E8E1F9DD622D
> > FB89EC460F8F87B6221AE6F765B6B25588F211323187A74E68EF603FC4F703CC53E1BD74C3A07A2ED82F22555FD9CAD31BAE4582414C05FC9B06
> > 1193:d=0 hl=2 l= 4 prim: appl [ 21 ]
> > 1199:d=0 hl=2 l= 107 cons: appl [ 18 ]
> > Error in encoding
> > 4516:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:.\crypto\asn1\asn1_lib.c:142:
> >
>
> That's an ASN1 parsing error. Looks like trailing garbage after the key: how
> did you create that keyfirst.pem file?
>
> Do you get an error using PKCS12_parse() (if so what is it?). Does the
> certificate end up being dumped in the CA certificate list instead of the user
> certificate if PKCS12_parse() succeeds?
>
> Which version of OpenSSL are you using? The PKCS12_parse() algorithm was
> changed in 1.0.0 and later to tackle broken files which set localKeyID
> inconsistently.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
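
Added example, not part of the original message and not OpenSSL code: PKCS12_parse() takes the password as a NUL-terminated C string, so a password field that is filled completely and never terminated "works in some cases" only when the byte after it happens to be zero. The struct gui_mem, FIELD_LEN and all function names below are hypothetical; the actual GUI code is not shown in the thread.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_LEN 8   /* constructed: size of the GUI's password field */

/* Constructed stand-in for memory: the password field followed by
 * whatever bytes happen to sit next to it. */
struct gui_mem {
    char field[FIELD_LEN];
    char after[8];
};

/* What a callee expecting a C string sees: it scans from the start of
 * the field to the first NUL, wherever that is inside the object. */
size_t length_seen_by_callee(const struct gui_mem *m)
{
    const char *base = (const char *)m;
    const char *nul = memchr(base, '\0', sizeof *m);
    return nul ? (size_t)(nul - base) : sizeof *m;
}

/* Constructed demo: an 8-character password fills the field, leaving no
 * room for '\0'. The result depends only on the neighbouring bytes. */
size_t demo_seen_length(int neighbour_is_zero)
{
    struct gui_mem m;
    memset(&m, 0, sizeof m);
    memcpy(m.field, "secret12", FIELD_LEN);
    if (!neighbour_is_zero)
        memcpy(m.after, "XY", 2);   /* leftover data after the field */
    return length_seen_by_callee(&m);
}

/* Hardened hand-off: copy exactly len bytes and terminate explicitly.
 * Returns 0 on success, -1 if dst is too small or src has an embedded
 * NUL (a C-string API would silently truncate the password there). */
int make_c_password(const char *src, size_t len, char *dst, size_t dstsz)
{
    if (len >= dstsz || memchr(src, '\0', len) != NULL)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}
```

With a zero neighbour the callee sees the intended 8 characters; otherwise it sees a longer, wrong password, which matches a PKCS12_parse() failure that appears with only some inputs.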